Massive New Year Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpm65

NSE4_FGT-7.0 Questions and Answers

Question # 4

Which of the following are valid actions for FortiGuard category based filter in a web filter profile ui proxy-based inspection mode? (Choose two.)

A.

Warning

B.

Exempt

C.

Allow

D.

Learn

Full Access
Question # 5

Which two actions can you perform only from the root FortiGate in a Security Fabric? (Choose two.)

A.

Shut down/reboot a downstream FortiGate device.

B.

Disable FortiAnalyzer logging for a downstream FortiGate device.

C.

Log in to a downstream FortiSwitch device.

D.

Ban or unban compromised hosts.

Full Access
Question # 6

Refer to the exhibit.

The exhibit contains a network interface configuration, firewall policies, and a CLI console configuration.

How will FortiGate handle user authentication for traffic that arrives on the LAN interface?

A.

If there is a full-through policy in place, users will not be prompted for authentication.

B.

Users from the Sales group will be prompted for authentication and can authenticate successfully with the correct credentials.

C.

Authentication is enforced at a policy level; all users will be prompted for authentication.

D.

Users from the HR group will be prompted for authentication and can authenticate successfully with the correct credentials.

Full Access
Question # 7

Refer to the exhibit.

Based on the administrator profile settings, what permissions must the administrator set to run the diagnose firewall auth list CLI command on FortiGate?

A.

Custom permission for Network

B.

Read/Write permission for Log & Report

C.

CLI diagnostics commands permission

D.

Read/Write permission for Firewall

Full Access
Question # 8

Which two statements are true about the RPF check? (Choose two.)

A.

The RPF check is run on the first sent packet of any new session.

B.

The RPF check is run on the first reply packet of any new session.

C.

The RPF check is run on the first sent and reply packet of any new session.

D.

RPF is a mechanism that protects FortiGate and your network from IP spoofing attacks.

Full Access
Question # 9

If the Issuer and Subject values are the same in a digital certificate, which type of entity was the certificate issued to?

A.

A CRL

B.

A person

C.

A subordinate CA

D.

A root CA

Full Access
Question # 10

To complete the final step of a Security Fabric configuration, an administrator must authorize all the devices on

which device?

A.

FortiManager

B.

Root FortiGate

C.

FortiAnalyzer

D.

Downstream FortiGate

Full Access
Question # 11

An administrator needs to configure VPN user access for multiple sites using the same soft FortiToken. Each site has a FortiGate VPN gateway.

What must an administrator do to achieve this objective?

A.

The administrator can register the same FortiToken on more than one FortiGate.

B.

The administrator must use a FortiAuthenticator device.

C.

The administrator can use a third-party radius OTP server.

D.

The administrator must use the user self-registration server.

Full Access
Question # 12

Which CLI command will display sessions both from client to the proxy and from the proxy to the servers?

A.

diagnose wad session list

B.

diagnose wad session list | grep hook-pre&&hook-out

C.

diagnose wad session list | grep hook=pre&&hook=out

D.

diagnose wad session list | grep "hook=pre"&"hook=out"

Full Access
Question # 13

Refer to the exhibit.

The exhibit shows proxy policies and proxy addresses, the authentication rule and authentication scheme, users, and firewall address.

An explicit web proxy is configured for subnet range 10.0.1.0/24 with three explicit web proxy policies.

The authentication rule is configured to authenticate HTTP requests for subnet range 10.0.1.0/24 with a form-based authentication scheme for the FortiGate local user database. Users will be prompted for authentication.

How will FortiGate process the traffic when the HTTP request comes from a machine with the source IP 10.0.1.10 to the destination http://www.fortinet.com ? (Choose two.)

A.

If a Mozilla Firefox browser is used with User-B credentials, the HTTP request will be allowed.

B.

If a Google Chrome browser is used with User-B credentials, the HTTP request will be allowed.

C.

If a Mozilla Firefox browser is used with User-A credentials, the HTTP request will be allowed.

D.

If a Microsoft Internet Explorer browser is used with User-B credentials, the HTTP request will be allowed.

Full Access
Question # 14

Refer to the exhibit.

Examine the intrusion prevention system (IPS) diagnostic command.

Which statement is correct If option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?

A.

The IPS engine was inspecting high volume of traffic.

B.

The IPS engine was unable to prevent an intrusion attack.

C.

The IPS engine was blocking all traffic.

D.

The IPS engine will continue to run in a normal state.

Full Access
Question # 15

How does FortiGate act when using SSL VPN in web mode?

A.

FortiGate acts as an FDS server.

B.

FortiGate acts as an HTTP reverse proxy.

C.

FortiGate acts as DNS server.

D.

FortiGate acts as router.

Full Access
Question # 16

An administrator wants to configure Dead Peer Detection (DPD) on IPSEC VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is observed in the tunnel.

Which DPD mode on FortiGate will meet the above requirement?

A.

Disabled

B.

On Demand

C.

Enabled

D.

On Idle

Full Access
Question # 17

Refer to the exhibit.

The global settings on a FortiGate device must be changed to align with company security policies. What does the Administrator account need to access the FortiGate global settings?

A.

Change password

B.

Enable restrict access to trusted hosts

C.

Change Administrator profile

D.

Enable two-factor authentication

Full Access
Question # 18

Which statement is correct regarding the inspection of some of the services available by web applications embedded in third-party websites?

A.

The security actions applied on the web applications will also be explicitly applied on the third-party websites.

B.

The application signature database inspects traffic only from the original web application server.

C.

FortiGuard maintains only one signature of each web application that is unique.

D.

FortiGate can inspect sub-application traffic regardless where it was originated.

Full Access
Question # 19

Refer to the exhibit.

Given the interfaces shown in the exhibit. which two statements are true? (Choose two.)

A.

Traffic between port2 and port2-vlan1 is allowed by default.

B.

port1-vlan10 and port2-vlan10 are part of the same broadcast domain.

C.

port1 is a native VLAN.

D.

port1-vlan and port2-vlan1 can be assigned in the same VDOM or to different VDOMs.

Full Access
Question # 20

Which two statements about FortiGate FSSO agentless polling mode are true? (Choose two.)

A.

FortiGate uses the AD server as the collector agent.

B.

FortiGate uses the SMB protocol to read the event viewer logs from the DCs.

C.

FortiGate does not support workstation check.

D.

FortiGate directs the collector agent to use a remote LDAP server.

Full Access
Question # 21

Refer to the exhibit.

The exhibit contains the configuration for an SD-WAN Performance SLA, as well as the output of diagnose sys virtual-wan-link health-check.

Which interface will be selected as an outgoing interface?

A.

port2

B.

port4

C.

port3

D.

port1

Full Access
Question # 22

Which two statements about SSL VPN between two FortiGate devices are true? (Choose two.)

A.

The client FortiGate requires a client certificate signed by the CA on the server FortiGate.

B.

The client FortiGate requires a manually added route to remote subnets.

C.

The client FortiGate uses the SSL VPN tunnel interface type to connect SSL VPN.

D.

Server FortiGate requires a CA certificate to verify the client FortiGate certificate.

Full Access
Question # 23

Which type of logs on FortiGate record information about traffic directly to and from the FortiGate management IP addresses?

A.

System event logs

B.

Forward traffic logs

C.

Local traffic logs

D.

Security logs

Full Access
Question # 24

Refer to the exhibits.

The exhibits show the SSL and authentication policy (Exhibit A) and the security policy (Exhibit B) tor Facebook.

Users are given access to the Facebook web application. They can play video content hosted on Facebook but they are unable to leave reactions on videos or other types of posts.

Which part of the policy configuration must you change to resolve the issue?

A.

The SSL inspection needs to be a deep content inspection.

B.

Force access to Facebook using the HTTP service.

C.

Additional application signatures are required to add to the security policy.

D.

Add Facebook in the URL category in the security policy.

Full Access
Question # 25

An administrator has configured the following settings:

What are the two results of this configuration? (Choose two.)

A.

Device detection on all interfaces is enforced for 30 minutes.

B.

Denied users are blocked for 30 minutes.

C.

A session for denied traffic is created.

D.

The number of logs generated by denied traffic is reduced.

Full Access
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 23 Jan 2022